-
Notifications
You must be signed in to change notification settings - Fork 14
/
config.html.md.erb
53 lines (32 loc) · 2.25 KB
/
config.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
---
title: GitLab
owner: Partners
---
## GitLab Configuration
The settings displayed in the screenshot below are used for the configuration of the GitLab application, and related security services.
![Image of OpsManager GitLab configuration](config.png)
## Properties
### Route Name
Defaults to `gitlab`. This route is registered against the apps domain configured on the runtime tile. The URL is used to access the GitLab web interface. Only HTTPS connections are accepted, and attempts to connect over HTTP are automatically redirected to HTTPS.
### Emails From
The address to be used when sending email from GitLab, such as `gitlab-no-reply@my-pcf.example.com`.
### Emails Reply-To
The reply-to address to be used.
### Emails Display Name
A "friendly" name shown to users in their inboxes.
### Initial Root Password
Password to pre-configure for the `root` user upon deployment of a new installation. This is not required, and will not be used during upgrades.
### Enable Rack Attack
Checkbox for enabling Rack Attack for this deployment. Defaults to checked. Only disable if other security measures are in place.
### SSH Extra Configuration
This `text` field allows the input of a snippet that will be appened to the `sshd_config` by OpenSSH's `sshd` used by GitLab for access via SSH. The field is _not validated_, so it is left to the user to ensure that all content is valid according to the [man(5) page for `sshd_config`](http://manpages.ubuntu.com/manpages/trusty/man5/sshd_config.5.html).
This field allows the configuration of security parameters for the SSH daemon such as `Ciphers`, `MACs`, and `KexAlgorithms`. The default values are those currently implemented in by the Ubuntu Trusty (14.04.5 LTS) package, as seen below.
```
Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,hmac-sha1
```
Recommended reading on this configuration item:
- http://manpages.ubuntu.com/manpages/trusty/man5/sshd_config.5.html
- https://www.openssh.com/legacy.html
- https://wiki.mozilla.org/Security/Guidelines/OpenSSH
- https://bettercrypto.org/static/applied-crypto-hardening.pdf